G
The International Scope of Cryptography Policy
G.1 INTERNATIONAL DIMENSIONS OF
CRYPTOGRAPHY POLICY
Any U.S. cryptography policy must take into account a number
of international dimensions, the most important of which is
the fact that the United States today does not have
unquestioned dominance in the economic, financial,
technological, and political affairs of the world as it
might have had at the end of World War II. Thus, the United
States is not in a position to dictate how the rest of the
world should regard cryptographic technology as it becomes
more relevant to nonmilitary and nondiplomatic matters.
A second critical consideration is the international scope
of business, as described in Chapter 1. Increasingly, firms
need to be able to communicate with their subsidiaries or
affiliates across national boundaries, as well as with
nonaffiliated partners in joint ventures or in strategic
alliances. Whether multinational or not, U.S. firms will
need to communicate with customers and suppliers on a
worldwide basis. Foreign customers need to be able to pay
U.S. vendors, and vice versa, in a way that respects
different monetary systems; thus, financial transactions
occur increasingly over international boundaries, resulting
in a truly global banking and financial system. To the
extent that these various types of communications must be
secure, cryptography provides a very important tool for
ensuring such security.1 Thus, differing national policies
on cryptography that lead to difficulties in international
communications work against overall national policies that
are aimed at opening markets and reducing commercial and
trade barriers.
Related is the fact that U.S. companies, including the high-
technology companies that manufacture information technology
products with worldwide acceptance and popularity, face the
potential of significant foreign competition, as discussed
in Chapter 4. To the extent that these companies constitute
major U.S. national assets, policy actions that affect their
international competitiveness must be considered very
carefully.
A final international dimension is that other nations also
have the option to maintain some form of export controls on
cryptography, as well as controls on the import and use of
cryptography. Such controls form part of the context in
which U.S. cryptography policy must be formulated.
G.2 SIMILARITIES IN AND DIFFERENCES BETWEEN THE
UNITED STATES AND OTHER NATIONS WITH
RESPECT TO CRYPTOGRAPHY
Despite the international scope of cryptography policy, the
international scene is dominated by national governments.
All national governments have certain basic goals in common:
To maintain national sovereignty,
To protect public safety and domestic order,
To look after their nation’s economic interests, and
To advance their national interests internationally.
These common goals translate into policy and interests that
are sometimes similar and sometimes different between
nations. Perhaps the most important point of similarity is
that national governments are likely to take actions to
mitigate the threat that the use of cryptography may pose to
their ability to achieve the goals listed above.2 A
corollary is that foreign national governments are likely to
resist unilateral U.S. decisions that affect the use of
cryptographic technologies within their borders (e.g., by
threatening their control over cryptography). For example,
they will likely oppose the use of cryptographic
communications systems within their borders for which the
keys are escrowed solely in the United States.
The existence of a range of limited, shared interests among
nations nevertheless suggests at least the possibility of
international cooperation and formal agreements on
cryptography policy. For example, law enforcement is a
concern that constitutes a generally shared interest. The
reason is that many nations have a more or less equivalent
sense of actions that should subject an individual to the
sanction of law, at least in certain domains--murder and
kidnapping are examples of actions that are crimes in almost
every nation.3 Some aspects of law enforcement have
explicitly international dimensions, such as global
organized crime and terrorism.4 A second area of shared
interest is in maintaining the integrity of the financial
systems of each nation, because failures in one part of an
interconnected financial system may well ripple through the
entire system. Individual privacy is another common
interest; in some nations, for example, the notion of
widespread government surveillance of communications in
society causes public and political concern, as it would in
the United States.5
On the other hand, there are many national differences that
potentially obstruct the achievement of agreements:
Differing expectations regarding citizens’ rights (e.g.,
rights to privacy, rights to trial, rights to express
dissent freely, the relative balance of personal versus
societal rights) and methods by which such rights can be
enforced. For example, the United States has a tendency to
enforce privacy rights through market mechanisms, whereas
many European governments generally take a more active
policy role in protecting such rights. Moreover, the United
States has a rich tradition of public debate and argument,
and dissenting discourse is far more the rule than the
exception compared to most foreign nations, whose publics
tend to exhibit a greater willingness to grant certain
powers to the state, a less adversarial relationship toward
the government, and more trust in the ability of government
to do what is in the national interest. (Indeed, at a
public meeting a representative of the National Security
Agency noted complaints from foreign intelligence services
that the U.S. policy debate had raised public visibility of
the cryptography issue within their countries.)
Business-government relationships. In some nations, it is
the expectation that national intelligence services will
cooperate with and assist businesses that in the United
States would be regarded as entirely separate from
government. Indeed, many foreign nations operate with fewer
and more blurred lines between government and “private”
businesses than is true in the United States. In areas such
as standards setting that are relevant to businesses, the
United States tends to rely on market forces rather than
government much more than other nations do.
What constitutes “fair” business practices. In principle,
many nations give lip service to the idea of confidentiality
in commercial transactions and the notion of fair
competition, but the actual practices of nations are often
at variance with these statements.
Status. As a global power, the U.S. scope of activities
for monitoring external traffic (i.e., traffic between two
other nations) is greater than that of other nations, which
are concerned mostly about communications into and out of
their borders. The status of the United States as a global
power also makes its citizens and facilities high-profile
targets for terrorist attacks throughout the world.
Access to technology. On average, U.S. citizens tend to
have a higher degree of access to and familiarity with
information technology than do citizens of other nations.
Furthermore, the information technology deployed
internationally has tended to be less sophisticated than
that deployed in the United States; with some exceptions,
this lack of sophistication is reflected generally as well
in the level of deployed technology that supports security.6
Thus, the body politic in the United States arguably has
more at stake than that in other nations.
Finally, the foreign governments relevant to the policy
issues of cryptography range from very friendly to very
hostile.
Some nations are very closely aligned with the United
States, and the United States has no real need to target
their communications (nor they ours).
Some nations are allies in some domains and competitors in
others, and the circumstances of the moment determine U.S.
needs for access to their communications.
Some nations are pariah or rogue nations, and as a general
rule, the United States would be highly interested in the
substance of their communications.
G.3 Foreign Export Control Regimes
The United States is not the only nation that imposes export
control restrictions on cryptography. Many other nations,
especially former members of the Coordinating Committee
(CoCom--see below), control the export of cryptography to
some extent.7 CoCom nations included Australia, Belgium,
Canada, Denmark, France, Germany, Greece, Italy, Japan,
Luxembourg, the Netherlands, Norway, Portugal, Spain,
Turkey, the United Kingdom, and the United States.8
CoCom was a Western response to the threat of the Soviet
Union in the days of the Cold War.9 Under the CoCom export
control regime, member nations agreed to abide by
regulations governing the export of many militarily useful
items, including cryptography, to nations that were
potential adversaries of the West (generally Eastern bloc
nations and rogue nations).
The regime was more successful in those instances in which
the technology in question was U.S. source, and thus what
was needed from other CoCom members was control over re-
export, or in which there was strong cooperation based on
political agreement that the technology should be kept away
from controlled destinations, despite its general
availability in other CoCom nations. CoCom controls did not
work perfectly, but they had some nontrivial impact. For
example, export controls did not prevent the Soviets from
obtaining certain types of computers, but they probably had
fewer of those computers than if there had been no export
controls. This had some advantages for the West: the
Soviets were locked into old first-generation computers in
many cases; also, they did not have many and, thus, had to
use them only on their highest-priority projects.
On the other hand, CoCom controls were less successful when
Non-CoCom countries (e.g., Taiwan and Korea) developed
indigenous capabilities to produce CoCom-controlled
technologies and a willingness to sell them;
CoCom member nations disagreed among themselves about the
danger of exporting certain products to Eastern bloc
nations; and
The items in question were dual-use items.
All of these conditions currently or potentially obtain with
respect to cryptography,10 although they should not be taken
to mean that cooperative, multinational CoCom-like controls
on cryptography would be hopeless. Also, it is important to
note that the intent of the CoCom export control regime was
to prevent militarily significant technologies (including
cryptography) from falling into the hands of the Eastern
bloc, rather than to inhibit mutually advantageous sharing
of military technology among the member states.
History demonstrates that the United States has always
applied tighter export controls for security and foreign
policy reasons than any agreement with other nations might
otherwise mandate.11 For example, since cryptography is in
general controlled by the United States as a munitions item,
the same export controls on cryptography apply to products
destined for England (a CoCom member) and Saudi Arabia (a
non-CoCom member), though the decision-making process might
well generate different answers depending on the receiving
nation. A staff study by the U.S. International Trade
Commission found that the export controls on encryption
maintained by many other nations apply for the most part to
certain proscribed (or “rogue”) nations. Thus, there are in
general more restrictions on the export of products with
encryption capability from the United States than from these
other nations, even though all of the nations in question
maintain export controls on encryption.12
G.4 FOREIGN IMPORT AND USE CONTROL REGIMES
A number of nations discourage cryptography within their
jurisdictions through a combination of import controls and
use controls. Import controls refer to restrictions on
products with encryption capability that may be taken into a
given nation; use controls refer to restriction on the use
of such products within their jurisdictions.
At the time of this writing (early 1996), Finland, France,
Israel, Russia, and South Africa assert the authority,
through an explicit law or decree, to exercise some degree
of explicit legal control over the use and/or import of
cryptography within their borders;13 a number of other
nations are reported to be investigating the possibilities
of legal restrictions. On the other hand, the fact that a
law regulating the use of cryptography is on the books of a
nation does not mean that the law is consistently enforced.
For example, at the International Cryptography Institute
1995 conference,14 speakers from France and Russia both
noted the existence of such laws in their nations and
observed that for the most part those laws generally were
not enforced and thus did not inhibit the widespread use of
cryptography in those nations.15
The flip side of unenforced laws is the case of a nation
that applies informal controls: a nation without explicit
laws forbidding the use of secure communications devices may
nonetheless discourage their import.16 In addition, nations
have a variety of mechanisms for influencing the use of
cryptography within the country:
Laws related to the public telephone system. In most
nations the government has the legal authority to regulate
equipment that is connected to the public telephone network
(e.g., in homologation laws). In the event that a nation
wishes to discourage the use of encrypted telephonic
communications, it may choose to use existing homologation
laws as a pretext to prevent users from connecting to the
network with secure telephones.
Laws related to content carried by electronic media. In
some nations, the transmission of certain types of content
(e.g., sexually explicit material) is prohibited. Thus, a
nation could argue that it must be able to read encrypted
transmissions in order to ensure that such content is indeed
not being transmitted.
Trade laws or other practices related to the protection of
domestic industries. Many nations have trade policies
intended to discourage the purchase of foreign products
and/or to promote the purchase of domestic products;
examples in the United States include “buy American” laws.
Such policies could be used selectively to prevent the
import of products with encryption capabilities that might
pose a threat to the law enforcement or national security
interests of such a nation. In other nations, laws may be
explicitly neutral with respect to local or foreign
purchases, but long-standing practices of buying locally may
prove to be formidable barriers to the import of foreign
products.
Licensing arrangements. A company (especially a foreign
one) seeking to do business under the jurisdiction of a
particular cryptography-unfriendly government may have to
obtain a number of licenses to do so. Many governments use
their discretionary authority to impose “unofficial”
requirements as conditions for doing business or granting
the licenses necessary to operate (e.g., the need to bribe
various government individuals or informal “understandings”
that the company will refrain from using cryptography).
Many anecdotal examples of active government discouragement
of cryptography circulate in the business community. For
example, a businessperson traveling in a foreign nation
brought a secure telephone for use in her hotel room; a few
hours after using it, she was asked by a hotel manager to
discontinue use of that phone. A press report in the
Karachi daily Dawn reported on February 26, 1995, that the
government of Pakistan shut down a cellular network run by
Mobilink, a joint venture between Motorola and Pakistani
SAIF Telecom, because it was unable to intercept traffic.17
Nevertheless, it is possible (or will be in the near future)
to circumvent local restrictions through technical means
even if attempts are made to enforce them. For example,
direct satellite uplinks can carry communications without
ever passing that information through the telecommunications
network of the host nation.18 If available, superencryption
(i.e., encrypting information before it is entered into an
approved encryption device) can defeat an eavesdropper armed
with the key to only the outer layer of encryption; the use
of superencryption cannot even be detected unless a portion
of the encrypted communication is decrypted and analyzed.
(See also the discussion in Chapter 7 on prohibiting the use
of unescrowed encryption.)
To summarize, in some cases, a U.S. vendor that receives an
export license from U.S. authorities to sell in a given
foreign market may well encounter additional complications
due to the import and use controls of the target nation.
Indeed, a number of other nations rely on U.S. export
controls to keep strong encryption products out of the
market in their countries.
G.5 THE STATE OF INTERNATIONAL AFFAIRS TODAY
Today, international communications are conducted with no
universally adopted information or communications privacy
and security standards or policies. This is not surprising;
the communications systems in use worldwide are highly
heterogeneous, are made by many different manufacturers, and
embody many different standards; under these circumstances,
security-specific aspects of these systems cannot be
expected to be either standardized or government certified.
In the absence of common understanding, ensuring information
privacy or security is an ad hoc affair. Cryptographic
equipment is freely available, and standards to ensure
interoperability and compatibility emerge, in many cases,
through a market process with no intervention on the part of
any national government. Cryptographic equipment on the
market is not always tested or certified by national
authorities or any organization with the responsibility for
undertaking such testing.
Some of the future consequences of this current are likely
to include the following:
Interoperability of communications equipment involving
cryptography will be difficult.19
Some companies and businesses will be able to implement
very high quality security, while others fall victim to the
purveyors of shoddy security products.
National governments will be unable to use wiretapping as
a tool for enforcing criminal laws and pursuing national
security interests in many cases.
Needless to say, these consequences are undesirable for
reasons related to business and commerce, national security,
and law enforcement. How governments have responded to
these undesirable consequences is discussed in Section G.7.
G.6 OBTAINING INTERNATIONAL COOPERATION ON POLICY
REGARDING SECURE COMMUNICATIONS
If the use of the global information infrastructure (GII) is
to grow with the blessings of governments, common
arrangements among governments are needed. To the extent
that U.S. national cryptography policy affects
communications and information transfer across national
boundaries, it has international implications.
One approach is that the United States will set a standard
on secure communications that accommodates the needs of
various national governments around the world. This
approach is based on the assumption that the United States
is the dominant player with respect to international
communications and information transfer, and that actions
taken by the United States to promote a future global
information infrastructure set at least a de facto standard
to which all other parties to the GII will have to adhere.
The result would be that U.S. national policy becomes the de
facto international policy.
The committee does not believe that this approach is
feasible today. Rather, the committee proceeds from the
belief that the United States will be an important but not
the controlling international player with respect to
international communications and information transfer.
Thus, the United States cannot operate unilaterally and will
have to reach accommodation with other national governments.
By taking as given the fact that nation-states will continue
to try to exert sovereignty over activities within their
borders, including the pursuit of law enforcement and
national security activities, the following statements seem
warranted:
1. Common and cooperative policies are possible if and only
if national governments agree to them.
2. National governments will allow policies to be set in
place if these policies are consistent in some overall sense
with the equities they seek to maintain.
3. A national government will not base its policies on the
assumption that it will abuse the rights of its citizens (as
it defines them).
By assumption, cryptography threatens the ability of
national governments to monitor the communications of
others. Thus, according to statement 2, controls on the use
of cryptography are a plausible governmental policy option
as discussed above. At the same time and despite this
threat, some foreign governments could be willing to allow
secure international communications on a case-by-case basis,
where the scope and nature of use are clearly delimited
(i.e., relatively small-scale use, clearly specified use).
Of course, the United States places no restrictions at all
on the use of secure communications domestically at this
time.
Over the next 10 years, some of those countries will surely
change their minds about encryption, though in what
direction is as yet not clear. Other nations are beginning
to pay attention to these issues related to interception of
communications and wiretapping and have many of the same
concerns that the U.S. government has. Indeed, as
international partnerships between U.S. and foreign
telecommunications companies increase, it is likely that
foreign intelligence agencies’ awareness of these issues
will increase. Such concerns in principle suggest that an
international agreement might be possible with respect to
these issues.
At the same time, the United States has a stronger tradition
of individual liberties than many other nations, and it is
conceivable that the United States might be the “odd man
out” internationally. For example, the official U.S. view
that it will not impose legal restrictions on the use of
cryptography within its borders may run contrary to the
positions taken by other nations. An international
agreement that accommodates such differing degrees of legal
restriction is hard to imagine.
A global information infrastructure allows conceptually for
two different policy structures regarding international
communication and data transmission:
1. Common policies shared and implemented by many nations
cooperatively, or
2. Individual policies implemented by each nation on its
own.
Of course, it may be that some group of nations can agree to
a set of common policies, while other nations will operate
individually.
By definition, individual policies of nations may conflict
at national borders.20 For nations whose policies on
cryptography do not agree, international interconnection
will be possible only through national gateways and
interfaces that handle all international traffic.21 For
example, Nations A and B might require users to deposit all
cryptographic keys with the national government but
otherwise leave the choice of cryptographic equipment up to
the relevant users. An A national communicating with a B
national might see his or her traffic routed to a switch
that would decrypt A’s transmission into plaintext and re-
encrypt it with the B national’s key for ultimate
transmission to the B national.22
This hypothetical arrangement is insecure in the sense that
text can be found in the clear at the border interface
points. It is therefore clumsy and arguably unworkable on a
practical scale. Thus, the problem of obtaining
international cooperation on policy regarding secure
communication is addressed here.
In the export control domain, attempts are under way to
establish an organization known as the New Forum to achieve
some common policy regarding exports. The mandate of the
New Forum is to “prevent destabilizing buildups of weapons
and technologies in regions of tension, such as South Asia
and the Middle East, by establishing a formal process of
transparency, consultation, and multilateral restraint [in
the export of critical technologies].”23 The New Forum is
expected to include the CoCom nations, as well as Hungary,
Poland, and the Czech Republic and a number of cooperating
states. The New Forum is similar in many ways to CoCom, but
one critical difference is that unlike CoCom, New Forum
members do not have veto power over individual exports
involving member nations; member states retain the right to
decide how to apply the New Forum export control regime to
specific instances.24
In the domain of policy regarding the use of encryption,
serious attempts at international discussion are beginning
as of this writing (early 1996). For example, in December
1995, the Organization for Economic Cooperation and
Development (OECD) held a meeting in Paris, France, among
member nations to discuss how these nations were planning to
cope with the public policy problems posed by cryptography.
In order to stimulate thought about alternative ways of
approaching an international regime for cryptography (with
respect to both export control and use), it is useful to
consider how international regimes in other areas of policy
are constructed. This is to a certain extent a taxonomic
exercise, but it has the virtue that it opens wider
perspectives than if we limit ourselves to prior
arrangements in the law enforcement and intelligence fields.
Moreover, it permits an analysis to profit from experience
in other fields of foreign policy. That said, most
successful international efforts are built on precedents
from the past, and therefore it may be a mistake to start
out too ambitiously.
Two dimensions should be kept separate, one organizational
and the other substantive. Is there to be an international
organization; a treaty; something less, such as an
international agreement; parallel bilateral agreements; or,
at the least ambitious end, merely a coordination of policy
between the U.S. executive branch and other governments?
With respect to international agreement on the substantive
dimension, four different approaches reflect varying levels
of ambition:
Unification of law in the cooperating countries involved.
Unification means simply that the law of each cooperating
country would be the same.
Harmonization. Harmonization refers to a general
similarity of law among national laws, with purely local
differences or relatively unimportant differences remaining.
These differences would be slight enough to preclude major
distortions of trade or serious policy disagreements among
nations. Harmonization of law is particularly common in
Europe.
Mutual recognition. Under mutual recognition, when one
government approves a product manufactured within its
borders as being consistent with an agreed-upon standard,
another government will allow that product to be imported
and used within its territory. In a world with a variety of
cryptographic options, the options then would have to be
certified by the home government before they could be
imported and used in the territories of cooperating
countries. For example, perhaps mutual recognition would
require that any escrow holder certified by one government
would be acceptable to other governments.
Interoperability. Cooperating nations would work, perhaps
in part through telephone companies and PTTs, to ensure that
encrypted communications across national borders would
remain encrypted but also conform to national laws.
Interoperability would require some agreement among
cooperating nations that limited the kinds of encryption
acceptable domestically and provided for exchange of keys.
(For example, a foreign government might require an
interface for international communications at a border
through which traffic would have to be passed in the clear
or encrypted in a way that it could read.) Technical
approaches to interoperability would probably require
translation facilities that reconcile policies at national
borders, automatic recognition of protocols being used, and
automatic engagement of the necessary technology.
The feasibility of a cooperative regime on secure
international communications is likely to require the
consensus of a core group of nations. Such a consensus
would then set standards that other nations would have to
follow if they wanted to share the benefits of interacting
with those core nations; nations that refuse to accept the
arrangement would by implication be cut off from
applications that demand cryptographic protection (although
they would still be able to transact and communicate in the
clear). For obvious reasons, this suggests that the core
group of nations would have considerable aggregate economic
power and influence. (Note that a division of the world
into core and noncore nations might require the
fractionation of a multinational company’s information
network into those inside and outside the core group.)
G.7 THE FUNDAMENTAL QUESTIONS OF INTERNATIONAL CRYPTOGRAPHY
POLICY
If the assumption is made that escrowed encryption is the
underpinning of national governments’ attempting to manage
cryptography, three basic questions arise regarding
cryptography policy internationally.
G.7.1 Who Holds the Keys?
Any of the agents described in Chapter 5 are candidates for
key holders: these include government agencies, private for-
profit organizations that make a business out of holding
keys, vendors of escrowed encryption products, and customers
themselves (perhaps the end user, perhaps an organization
within the corporation making the purchase). The various
pros and cons of different types of escrow agents described
in Chapter 5 apply equally in an international context.
G.7.2 Under What Circumstances Does the Key Holder
Release the Keys to Other Parties?
From the standpoint of U.S. policy, one essential question
is which nation’s or nations’ laws control the actions of
escrow agents vis-a-vis the release of keys. Conceptually,
three possibilities exist:
1. The U.S. government (or escrow agents subject to U.S.
law) holds all keys for all escrowed encryption products
used by U.S. persons or sold by U.S. vendors, regardless of
whether these products are used domestically or abroad.25
2. The U.S. government (or escrow agents subject to U.S.
law) holds all keys for all escrowed encryption products
used by U.S. persons, and foreign governments (or escrow
agents subject to the laws of those foreign governments)
hold all keys for escrowed encryption products used by
nationals of those governments.26
3. Both the U.S. government and Nation X have access to all
keys for escrowed encryption products that are used in
Nation X, and either the United States or Nation X can
obtain the necessary keys.
Products used in Nation X would most likely be purchased in
Nation X, but this is not a requirement. Note also that a
wide variety of escrowing schemes exist, many of which are
described in Chapter 5.
For the most part, options 1 and 3 compromise the
sovereignty of foreign nations, and it is hard to imagine
that a strong U.S. ally would publicly announce that its
citizens and industries were vulnerable to U.S. spying
without their approval. Early in this study (late 1994),
the committee took testimony from senior Administration
officials to the effect that option 1 was likely feasible,
but the Administration appears to have backed off from this
position in its most recent statements (late 1995).
Only option 2 is symmetric: the United States holds keys for
escrowed encryption products used by U.S. persons or sold in
the United States, and foreign nations do the same for their
persons and products. Option 2 could meet the international
law enforcement concern in much the same way that the law
enforcement agencies of various nations cooperate today on
other matters. Such cooperation might be the focus of
explicit bilateral agreements between the United States and
other nations; such agreements might well build on existing
cooperative arrangements for law enforcement (Box G.1), and
they are most likely to be concluded successfully if they
are arranged informally, on a case-by-case basis in which
the scope and nature of use are clearly delimited (i.e.,
relatively small-scale and clearly specified use).
Alternatively, access might be requested on an ad hoc basis
as the occasion arises, as is the case for other types of
informally arranged law enforcement cooperation.
BOX G.1
On Mutual Assistance Agreements for Law Enforcement
The United States has mutual assistance agreements for law
enforcement with many other nations. These agreements,
managed by the Criminal Division of the Department of
Justice with a State Department liaison, provide for mutual
cooperation for the prevention, investigation, and
prosecution of crime, to the extent permitted by the laws of
each nation, in many areas. In general, these agreements
discuss cooperation in certain listed areas as illustrative,
but they usually have a “catchall” category. Some of the
listed areas include:
Assistance in obtaining documents;
Release of interviews and statements of witnesses;
Arrangement of depositions;
Assistance in securing compulsory process (e.g.,
subpoenas);
Cooperation in obtaining extradition consistent with
existing extradition treaties; and
Cooperation in obtaining forensic information (e.g.,
laboratory results and fingerprints).
These agreements are meant to enhance the collection of
information and evidence in foreign nations when a crime is
being committed or planned. Thus, they could serve as the
vehicle for cooperative action with respect to sharing
cryptographic keys available to the government (pursuant to
its law enforcement objectives) of a given nation for
specific law enforcement purposes; keys given by Nation A to
Nation B would be obtained in accordance with the laws of
Nation A and the mutual assistance agreement between Nations
A and B. These agreements do not make new law; unlike
treaties, they simply facilitate cooperation with respect to
existing law.
To adapt these agreements to cover sharing of cryptographic
information, the nations involved could use the catchall
category or explicitly negotiate agreements covering this
area; the first could suffice until the second was
implemented.
In general, these agreements have worked well.
Nevertheless, some problems exist. For example, they may
not work fast enough to provide time-urgent responses to
pressing law enforcement needs. In addition, some nations
that are party to a mutual assistance agreement may not be
trustworthy with respect to certain areas (e.g., the
Colombian government with respect to drugs, the Mexican
government with respect to immigration matters and smuggling
of aliens).
Option 2 alone will not satisfy U.S. needs for intelligence
gathering from the foreign nations involved, because by
assumption it requires the involvement (and hence the
knowledge) of an escrow agent that is subject to another
nation’s jurisdiction. Further, it is inconceivable that
the United States is a party to any formal or informal
agreement to obtain keys from nations that are most likely
to be the targets of interest to U.S. decision makers (e.g.,
rogue nations). On the other hand, options 1 and 3 also
pose problems for U.S. intelligence gathering, because even
with the ability to obtain keys individually, the United
States loses the ability to conduct good bulk intercepts.
On the assumption that there is no large-scale “master key,”
individual keys would still have to be obtained. This would
inevitably be a time-consuming process and could diminish
the flow of signals intelligence information, since
obtaining individual keys is a much more time- and labor-
intensive activity than listening to unencrypted traffic.
The Administration’s position on foreign escrow agents is
stated in one of its proposed criteria for liberalized
export consideration for escrowed encryption software.
Specifically, it proposes that the relevant keys be escrowed
with “escrow agent(s) certified by the U.S. Government, or .
. . by foreign governments with which the U.S. Government
has formal agreements consistent with U.S. law enforcement
and national security requirements.”27
Note that all of the issues discussed in Chapter 5 with
respect to liability for unauthorized disclosure of keys
necessarily apply in an international context.28
G.7.3 How Will Nations Reach Consensus on International
Cryptography Policy Regarding Exports and Use?
Harmonized Export Policies
Agreement on the following points would be necessary to
develop a common export control policy that would help to
preserve law enforcement and intelligence-gathering
capabilities by retarding the spread of cryptography
worldwide:
Rough concurrence among nations exporting cryptography
about the nations whose access to encryption capabilities
should be kept to a minimum and what policy toward those
nations should be;
Willingness to allow relatively free trade in products
with encryption capabilities among member nations;
Willingness to abide by prohibitions on re-export to rogue
nations; and
Agreement among member nations about the types of
encryption capabilities that would constitute a threat if
widely deployed.
The extent to which agreement on these points can be reached
is an open question, although there are precedents to some
degree in the U.S. bilateral arrangements with various other
nations for cooperation in law enforcement matters. A high
degree of concurrence among these nations (a “crypto-CoCom”)
would help to retard the spread of encryption capabilities
to rogue nations, with all of the attendant benefits for law
enforcement and national security.
Many problems stand in the way of achieving a plausible
crypto-CoCom regime. These include the following:
The scope of a crypto-CoCom. Given that the basic
algorithms for cryptography are known worldwide, it is not
clear that the developed nations of the world have a true
monopoly on the technology. Many of the traditional lesser
developed countries in Asia and Latin America are
demonstrating significant interest in modernizing their
communications infrastructures, and they will almost
certainly be driven to an interest in secure communications
as well.
The absence of a pervasive threat. With the demise of the
Soviet Union, it has proven much more difficult for the
United States to take the lead in matters requiring
international cooperation.
The implied connection between third-party decryption for
governments and export-import controls. International
arrangements will have to satisfy the needs of participating
nations for third-party decryption before they will agree to
relax import and use controls.
Harmonized Policies Regarding Use
As noted above, the Organization for Economic Cooperation
and Development held a December 1995 meeting in Paris among
member nations to discuss how these nations were planning to
cope with the public policy problems posed by
cryptography.29 What this meeting made clear is that many
OECD member nations are starting to come to grips with the
public policy problems posed by encryption, but that the
dialogue on harmonizing policies across national borders has
not yet matured. Moreover, national policies are quite
fluid at this time, with various nations considering
different types of regulation regarding the use, export, and
import of cryptography.
The majority view of the assembled nations was that national
policies had to balance the needs of corporate users,
technology vendors, individuals, law enforcement, and
national security. A number of participants appeared to
favor a “trusted third-party” approach that would rely on
nongovernment entities (the trusted third party) to serve as
the generators of cryptographic keys for confidentiality for
use by the public as well as escrow agents holding these
keys and responding to legally authorized requests for
encryption keys for law enforcement purposes.30 However,
the needs of national security were not mentioned for the
most part.31,32
1In the international arena, as elsewhere, not all aspects
of cryptography are necessarily equally critical to all
problems of security. For example, to some extent, the
security of international electronic payments and other
financial transactions can be enhanced through collateral
(nonconfidentiality) uses of cryptography, as discussed in
Chapter 2.
2Experience in other Internet-related matters suggests that
many governments are willing to wield their influence in
areas that they believe affect the public safety and
welfare. For example:
The CompuServe on-line service suspended access worldwide
to approximately 200 Internet “newsgroups” at the request of
the German government. These newsgroups were
suspected of carrying child pornography. See John Markoff,
“On-Line Service Blocks Access to Topics Called
Pornographic,” New York Times, December 29, 1995, p. A1.
The People’s Republic of China declared its intent to
supervise the content of all financial news reports that
collect information in China. Specifically, it announced
that “foreign economic information providers will be
punished in accordance with the law if their released
information to Chinese users contains anything forbidden by
Chinese laws and regulations, or slanders or jeopardizes the
national interests of China.” See Seth Faison, “Citing
Security, China Will Curb Foreign Financial News Agencies,”
New York Times, January 17, 1996, p. A1. China is also
attempting to develop Internet-compatible technology that
will enable a strong degree of government control over the
content that is accessible to Chinese residents. See
“Chinese Firewall: Beijing Seeks to Build Version of the
Internet That Can Be Censored,” Wall Street Journal, January
31, 1996, p. 1.
Singapore announced that it would hold providers of access
to the Internet and content providers responsible for
preventing information deemed to be pornographic or
politically objectionable from reaching Internet users in
Singapore. See Darren McDermott, “Singapore Unveils
Sweeping Measures to Control Words, Images on Internet,”
Wall Street Journal, March 6, 1996, p. B6.
3At the same time, differences of national law in certain
other important areas should not be overlooked.
Specifically, the crimes for which an individual may be
extradited vary from nation to nation (e.g., some nations
will not extradite a person for financial fraud); in
addition, some nations may criminalize certain activity
related to computers and/or electronic communications that
other nations do not. Enforcement of laws is often
difficult over national boundaries, even if relevant laws in
another nation do criminalize particular acts. The reason
is that if Nation A suffers the brunt of actions taken by a
citizen resident of Nation B, Nation B may have little
incentive to prosecute those actions even if its laws
criminalize them, since it does not particularly suffer from
those actions. Both of these factors complicate the
feasibility of achieving international agreements. Some
discussion of different international perspectives on
computer crime can be found in the United Nations Manual on
the Prevention and Control of Computer-Related Crime,
available on-line at
http://www.ifs.univie.ac.at/~pr2gq1/rev4344.html.
4See, for example, Phil Williams, “Transnational Criminal
Organizations and International Security,” Survival, Volume
36(1), Spring 1994, pp. 96-113.
5For example, a disclosure that a Spanish military secret
service intercepted hundreds of mobile telephone
conversations caused considerable public uproar. See
“Spaniards Stunned by Military Eavesdropping,” New York
Times, June 16, 1995, p. A5.
6For example, 37% of U.S. households have personal
computers, compared with 21% in Spain, 9% in Britain, 19% in
Germany, 14% in Italy, 15% in France (excluding Minitel),
and 15% in other European nations. See John Tagliabue,
“Europeans Buy Home PC’s at Record Pace,” New York Times,
December 11, 1995, p. D1.
7The most authoritative study on the laws of other nations
regarding controls on the export, import, and use of
cryptography is a study produced by the Department of
Commerce and the National Security Agency. See Department
of Commerce and National Security Agency, A Study of the
International Market for Computer Software with Encryption,
Washington, D.C., released January 11, 1996.
8National Research Council (NRC), Finding Common Ground,
National Academy Press, Washington, D.C., 1991, p. 62
(footnote).
9For detailed discussion of the CoCom regime, see NRC,
Finding Common Ground, 1991, and NRC, Balancing the National
Interest, National Academy Press, Washington, D.C., 1987.
10For example, most countries have not yet attained the
degree of success in producing shrink-wrapped software
applications incorporating cryptography that the United
States has; potentially, they could do so and become
significant suppliers of such applications.
11For example, see NRC, Finding Common Ground, 1991, pp. 99-
100.
12Office of Industries, U.S. International Trade Commission,
Global Competitiveness of the U.S. Computer Software and
Service Industries, Staff Research Study #21, Washington,
D.C., June 1995, Chapter 3.
13Department of Commerce and National Security Agency, A
Study of the International Market for Computer Software with
Encryption, 1996, Part II.
14International Cryptography Institute (ICI) 1995, George
Washington University, Sept. 22.
15Still, the mere existence of such laws--whether or not
enforced--serves as an obstacle to large vendors who wish to
sell products with encryption capabilities or to provide
encryption services, thereby reducing their availability to
the average consumer. In addition, such nations may well
practice selective enforcement of such laws. For example, a
representative of a major computer company with a French
subsidiary observed at the ICI 1995 conference that although
French laws forbidding the use of unregistered encryption
were not regularly enforced against private users, they did
inhibit this company from marketing products with encryption
capabilities in France.
16The feasibility of such practices is documented in a 1992
report by the U.S. Department of Commerce, which describes
foreign governments’ assistance to their domestic
industries. This report found that foreign governments
assist their industries by creating barriers to the domestic
market (e.g., through tariffs or quotas, testing
regulations, investment restrictions, and product and
service standards), by devising incentives for domestic
production (e.g., tax policies and legal regimes for
intellectual property that favor domestic industries), and
by aiding in market development (e.g., guaranteeing a
certain minimum level of sales through government purchase,
providing foreign aid to buy domestic goods, applying
political pressure to potential customers). See U.S.
Department of Commerce, Foreign Government Assistance to
Domestic Industry, U.S. Government Printing Office,
Washington, D.C., September 1992, p. iii.
17According to the article, the company was unable to
provide interception services to Pakistani intelligence
agencies. According to a Mobilink official, “There are no
commercial products . . . that enable over-the-air
monitoring of calls.” However, it remains unclear why
agencies would require monitoring of wireless mobile-to-base
traffic, instead of intercepting at the base station.
Although the Global System for Mobile Communication’s
digitally encrypted wireless traffic may be hard to tap in
real time, it is decrypted at the base station.
18There are several systems in preparation that use low-
Earth-orbit satellites to provide direct communications
links, including Iridium and Odyssey.
19Indeed, in the absence of standards, interoperability is
often a problem even when cryptography is not involved.
20Although the notion of a global information infrastructure
is based to a large degree on the idea that national
boundaries are porous to information, nations can and do
exert some influence over what information may cross their
borders. For example, while traffic may traverse many
countries between Nation A and Nation B, it is not
inconceivable that an intermediate nation might attempt to
establish a policy on cryptography that any incoming traffic
had to be sent in the clear. Enforcing such a policy would
be technically difficult for individual nations to
accomplish in today’s networking environment, but a
different architecture might make it easier.
21An additional challenge is the emergence of national or
commercial parties that will provide communications that are
independent of any physical infrastructure under the control
of any given nation. For example, a person in Japan might
use a portable device to communicate with someone in Peru,
connecting directly through a future American communications
satellite. Such a channel might bypass entirely the
Japanese and Peruvian national authorities. Even more
complicated might be the use of a communications satellite
bought from an American manufacturer by Indonesia and
launched into orbit by the French. (However, satellite
communications are subject to a degree of control over
services offered, in the form of international agreements in
the International Telecommunication Union on the uses of
electromagnetic frequency spectrum.)
22Policies regarding cryptography are complicated further by
policies on data. For example, a number of European nations
will not permit the transport of personal data (e.g., on
employees) out of their countries for privacy reasons, even
though a multinational firm might like to be able to process
such data in one central location. To ensure that such data
are not transported, those nations may demand the ability to
inspect all transborder data flows outward.
Controlling inbound data may pose problems. For example, a
dictatorial government may assert the right to monitor data
flowing into its nation, perhaps to combat subversive
agitation. Even democratic governments may wish for the
ability to monitor certain incoming data to prevent money
laundering.
Laws governing privacy can conflict with laws on
cryptography. For example, a law on data privacy may
require that certain sensitive data associated with an
individual be protected, while a law on cryptography may
forbid the use of cryptography. Such laws would obviously
conflict if a situation arose in which cryptography were the
only feasible tool for protecting such data.
In short, policies regarding data export, import, and
privacy are an additional dimension of resolving policy with
respect to cryptography.
23U.S. State Department, “Press Release: New Multilateral
Export Control Arrangement,” Office of the Spokesman,
Washington, D.C., January 23, 1996.
24See Sarah Walking, “Russia Ready to Join New Post-CoCom
Organization,” Arms Control Today, September 1995, pp. 31-
33.
25Under the Clipper initiative, U.S. policy is that the two
escrow agents in the United States have Clipper/Capstone
keys because they are available and put into escrow at the
time they are programmed at the U.S. factory. Since there
is no formal policy governing what should be done if a
foreign nation purchases Clipper-compliant devices, the
current policy obtains by default.
26An important operational question is the following: If
the keys are generated in the United States, on what basis
could any foreign user be confident that the United States
did not retain a copy of the keys that were issued to him or
her? Such a question arises most strongly in a hardware-
based escrow encryption product with a U.S.-classified
design in which the United States is the designated key
generator for reasons of classification.
27National Institute of Standards and Technology, Draft
Software Key Escrow Encryption Export Criteria, November 6,
1995; see Box 5.3, Chapter 5.
28Some agreements establish the extent and nature of
liability in other contexts (e.g., the Warsaw Convention and
airline travel), thus suggesting that the international
dimensions of liability for unauthorized release of keys are
not necessarily insurmountable.
29Additional information on this meeting can be found in
Stewart Baker, Summary Report on the OECD Ad Hoc Meeting of
Experts on Cryptography, Steptoe and Johnson, Washington,
D.C., undated. Available on-line at sbaker@steptoe.com or
check http://www.us.net/~steptoe/276908.html.
30See, for example, Nigel Jefferies, Chris Mitchell, and
Michael Walker, A Proposed Architecture for Trusted Third
Party Services, Royal Holloway, University of London, 1995.
31For additional industry-oriented views on international
policies concerning the use of cryptography, see U.S.
Council for International Business, Business Requirements
for Encryption, New York, October 10, 1994; INFOSEC Business
Advisory Group, Commercial Use of Cryptography, statement
presented at the ICC-BIAC-OECD Business-Government Forum,
Paris, France, December 1995; European Association of
Manufacturers of Business Machines and Information
Technology Industry (EUROBIT), Information Technology
Association of Canada (ITAC), Information Technology
Industry Council (ITIC), and Japan Electronic Industry
Development Association (JEIDA), Principles of Global
Cryptographic Policy, statement presented at the ICC-BIAC-
OECD Business-Government Forum, Paris, France, December 19,
1995. The statements from the Paris meeting are available
on-line at
http://www.cosc.georgetown.edu/~denning/crypto/#ici.
32Intelligence needs may conflict directly with needs for
business information security. For example, U.S. and
foreign companies sometimes form consortia that work
cooperatively to make money; national intelligence agencies
often funnel information to individual companies to develop
competitive advantage. One major reason that U.S. companies
operating internationally want to have encrypted
communications is to protect themselves against the threat
of national intelligence agencies. Thus, they would require
that any escrow arrangements at a minimum include audit
trails to ensure that their communications were being
monitored in accordance with laws governing criminal
investigations and the like (in the United States, this
might be a court order) to ensure that data from wiretaps
were not being funneled to foreign competitors. However, it
is very hard to imagine that a foreign intelligence agency
would be willing to provide such assurances or to live with
such audit restrictions. Ultimately, the trade-off might be
the willingness of an international corporation to bargain
with the host nation about the ability to have secure
communications, using its willingness to invest in the host
nation as its ultimate bargaining chip to force the host
nation to acquiesce.